Internal Control of Finance Information Systems on ERP Platform (Case Study : PT Petrokopindo Cipta Selaras)

― Businesses of any scale today cannot be separated from Information Systems and Technology, whether large or small scale requires a reliable information system to support appropriate, effective and efficient decision making for stakeholders. The information system that is currently trending in the business world is an Enterprise Resource Program (ERP) based on cloud computing (Cloud) which can help users run a business anywhere and anytime. In a report released by Delloite entitled: Hot Topics for IT Internal Audit In Financial Services reveals that the current hot issues are Cyber Security, Data Protection and Data Privacy, IT Governance and IT Risk. PT Petrokopindo is a company that has implemented cloud-based ERP. However, the potential for risks such as Cyber Security, Data Protection and Data Privacy from Cloud ERP can occur, which can disrupt the company's business operations. In this research, case studies will be carried out on companies that have implemented Cloud-ERP. The method used is the COBIT 5 Framework, which was chosen as the best and more complete guideline than other frameworks in the IT / IS management field (Sutikno, 2014). The expected result is to be able to identify security gaps and material weaknesses of the Cloud- ERP information system and then provide recommendations for improvements so that IS / IT becomes more reliable. It is hoped that this research can be useful for the development of IS / IT governance science, and as input for stakeholders on the Cloud-ERP platform in increasing the reliability of an IS / IT against the risk of information leakage and cyber attacks.


I. INTRODUCTION
USINESSES of any scale today cannot be separated from Information Systems and Technology, whether large or small scale requires a reliable information system to support appropriate, effective and efficient decision making for stakeholders. The information system that is currently trending in the business world is an Enterprise Resource Program (ERP) based on cloud computing (Cloud) which can help users run a business anywhere and anytime. In a report released by Delloite entitled: Hot Topics for IT Internal Audit In Financial Services [1] reveals that the hot issues in 2020 are Cyber Security, Data Protection and Data Privacy, IT Governance and IT Risk, where currently Cloud services Computing is very risky, less secure, and prone to information theft, data loss and cyber attacks.
Regarding the potential for various problems with Cloud Computing above, PT Petrokopindo Cipta Selaras which has implemented a Cloud-based Enterprise Resouce Program (ERP), is prone to experiencing Cyber Attack, losing important financial data, and ultimately disrupting the wheels. company operations. In connection with the very importance of maintaining the security of company information and confidential data on the Cloud ERP platform, this research will conduct a governance and audit of the Financial Information System on ERP platform using the COBIT 5 framework, which cobit 5 was chosen because is the most comprehensive standard guideline of information technology management and the detail in it's processes.
Previous research that aims to prevent cyber attacks is from Wolden [2] which began with a dangerous cyber attack for organizations using the COBIT 5 framework, which resulted in increased IS / IT security. Then the research from Guo [3] which began with the failure of IS / IT management by pharmaceutical companies which caused narcotic type drugs to be purchased freely, because this was prevented by using the COBIT and COSO methods. Then another research from Islam [4] is related to information security using CBOK 2015 which aims to prevent the loss of important information and data by an organization.
This research starts from the stage of identifying strategic objectives taken from PT Petrokopindo's 2020-2024 Company Long Term Plan (RJPP) [5] which is contained in the company's Vision and Mission using the Analytical Hirearchy Process (AHP) to determine the direction of Enterprise Goals and Stakeholder Needs. The AHP concept was chosen because it was able to select the best alternative from a number of alternatives, and AHP was able to change qualitative values to quantitative ones. The alternative referred to is the Company's mission based on criteria determined by the stakeholders. The next step is to do data mining with a classification model for employees at the Finance Directorate of PT X who have very diverse backgrounds with the Decision Tree (C4.5) algorithm so that it can be seen the classification of the right group as a resource, who understands the use of ERP to be sampled research. This research is a qualitative type and the expected results are that it can provide benefits to management related to the level of ERP information system capability and suggestions for improvements so that the quality of financial information systems is getting better.

II. METHOD
This research is divided into 9 stages as seen in Figure 1, consist of: formulation of problems and objectives, analysis of the company's vision and mission with AHP, COBIT Domain Selection, classifying respondents with the Decision Tree, data collection and processing, Validity and Reliability Test, data analysis, Recommendation.

1) Formulation of Problems
At this stage the researcher learns about the problems that exist in the company. Then proceed with determining the research objectives, namely for internal control of financial information systems using the COBIT 5 framework approach.

2) Analysis of the company's vision and mission with AHP
After formulating the problem and research objectives, the researcher then conducted a study related to the research topic. At this stage the researcher conducts a literature study process regarding the literature related to research to find out and understand the scope of the research to be carried out. Literature studies are sourced from international journals, books, and previous research related to the research to be carried out.

3) COBIT 5 Domain Selection
At this stage, it is done by selecting the COBIT domain in accordance with the results of the business goals ranking from the previous stage, the five (5) big ones are chosen from the AHP weighting results according to the company's vision and mission where the top five (5) have represented the company's Enterprise Goals.

4) Classifying respondents with the Decision Tree
At this stage, the data mining technique is carried out with C4.5 classification, using the Rapidminer 9.0 software.

5) Data collection and processing
At this stage, questionnaires were distributed to respondents

6) Validity and Reliability Test
At this stage the results of the questionnaires that have been distributed to respondents are tested with the product moment and Cronbach alpha.

7) Data analysis
At this stage, analysis of the current maturity score is carried out, compared with the expected maturity score.

8) Conclusion
At this stage, the result of this research are described.

A. Results
Results obtained are 60 IT process with the following details are : [details in table 1 and table 2]

B. Capability Level As Is and To Be
The gap analysis can be seen below in Table 2 and Figure  2, 3, 4 respectively: Based on the results of research that has been conducted, There is a significant gap between the capabality levels current IT management with expected. This indicates that IT management not aligned with that expected both for short and long term targets.

As Is
To Be